Auth API: create user endpoint

[jlui17]

@zhaojzn

User Story

As a dev, I want a callable API to create users for the app so that I don't have to worry about authentication flow on the frontend.

Requirements

We want to send a POST request to the /auth endpoint with the following data in the request, which will create a user:

{
  ...,
  "body": {
    "email": "...",
    "password": "..."
  }
}

This will create a user and return a response like this:

{
  ...,
  "statusCode": 201,
  "body": {
    "needsConfirmation": true (or false)
  }
}

Context

• Currently, our auth flows is all on the frontend (woops). You can check them out here.
  • You should use this file as a reference when working on this ticket.
• Your task is to create a lambda that can create users in Cognito, then hook it up to the /auth endpoint of the ApiGateway.

Guide

1. Before anything, please create a new branch off of main to work on. Branches are like copies of the code that you branch off from, so that you can do whatever you like to it without affecting the main version.
   • You can name the branch anything, but make it something logical :)
   • This is a good resource to learn about branching.
2. Work ITERATIVELY. Build a small part, cdk deploy and verify changes, then keep going. I would do something like:
   • Create a "Hello World" lambda, make sure I can call and run it.
   • Hook it up to the API gateway in the /auth endpoint, make sure I can send requests and get responses.
   • Make the lambda echo back the request body in its response, create a sample response with email and password and verify it echos back the right data.
   • Now you should have everything setup, and all you need is to build out the Cognito logic. Work on it incrementally.
   • Once you have most of the logic implemented, call your endpoint and check the AWS console to see if it created the user.
     • Console -> Cognito -> User Pools -> "employees" -> search by email
3. You will need to download the AWS Cognito Go SDK in the backend.
   • To do that, use go get "github.com/aws/aws-sdk-go/service/cognitoidentityprovider".
   • Then you can import the package by adding "github.com/aws/aws-sdk-go/service/cognitoidentityprovider" to your import statement in the go file.
   • When building out the lambda logic, you can refer to how I did it in the frontend. Most of the steps should be the same. You can use the Cognito Go SDK docs as a reference.
4. To use the Cognito Go SDK, you will need a user pool client ID. You can just use the same one in the reference file for now. Later on, we will explore how to use environment variables and also setup some testing.
5. For an example of how to extract data from the request body, see here on line 48.
6. When you call the SDK to create a user, you should get a response. You need to return the UserConfirmed boolean in the body of the API response.
   • Similar to what I did here.

[jlui17]

Part 2

Okay now that we have a basic endpoint and handler, let's add some security measures and clean up some things :)

Requirements

• Change auth/updates -> auth/create in dir
• Use env variables for clientId instead of hard-code
• Add verification step
  • Get employee Id, if found, create user and return userConfirmed. Else, return 401 with message "Employee not found"

[jlui17]

PR (part 1, 2): https://github.com/jlui17/W2FHR/pull/2

[jlui17]

Part 3

Final step is to use this endpoint in the frontend. We will have to make a few changes to the LoginSignupController.

Requirement

• Update the onSignup to call our API endpoint with the right parameters
  • Make the API call into a hook. You can refer to this as a reference. It might also help to refer to the React-Query library docs.
• We also want to do some password validation. This can be done however you want, but let's try to do this in the simplest way possible. Their passwords should follow the following requirements:
  • One uppercase character
  • One lowercase character
  • One number
  • One special character (make a list of them like "/|.!@", be creative with it)

[zhaojzn]

woopies I took a while 👎, but currently LoginSignUpController works but does not send a verification code because it is not implemented yet.

[jlui17]

Okay wonderful. Let's implement the verification step now, meaning the front and back-end part. After that, we can merge this and deploy it :)

[zhaojzn]

woops its been a while, but I've been so lost on why its sending a code on verification even though I traced through the code to find where it would send a verification code but I didn't even implement it. LoginSignUp and authentication, but its working ??

[jlui17]

I think what's happening is that SignUp from the AWS SDK sends a verification code if successful. The verification only needs to be implemented if, for example, the user doesn't confirm right after they sign up, and needs to get another verification code sent.

I think what we need:

• POST /verify endpoint that takes a verification code and confirms the user
• GET /verify?email={email} endpoint that sends a verification code to that email if they're registered but not confirmed

[jlui17]

Was a big PR, but JZ did a good job :) https://github.com/jlui17/W2FHR/pull/6